Developer finds hidden smartphone logging app

A security researcher by the name of Trevor Eckhart has uncovered a hidden application installed on many popular smartphones that logs nearly everything the user does. Eckhart has posted a 17-minute video on YouTube that shows how the software tracks text messages, Google searches, phone numbers and more.

In the video, Eckhart details the process on his HTC EVO 3D but the software is present on other handsets from manufacturers like RIM and Nokia. The app is called HTC IQ Agent on the EVO 3D and it’s impossible to stop the application from running in the app settings on HTC Android devices. The video shows how the application tracks button presses and even SMS text messages. Furthermore, HTC IQ Agent logs browser searches, even if you are using encryption methods like https. With https, anything after the domain name should be encrypted – it’s not in this case.

Eckhart calls Carrier IQ a rootkit on his blog, which is a term for a piece of software that is installed without the user’s knowledge and is typically used for malicious purposes.

The developer has been in a legal battle with Carrier IQ for some time now. The company sent him a cease and desist letter earlier this month claiming that he violated copyright laws when he published training manuals on his blog. Digital rights group Electronic Frontier Foundation came to Eckhart’s defense and Carrier IQ eventually retracted the legal threat. The group feels that Eckhart has “raised substantial privacy concerns” regarding software that many consumers don’t know about.

Carrier IQ bills themselves as "the leading provider of Mobile Service Intelligence Solutions to the Wireless Industry." A ticker on the company's website shows over 141 million handsets have been deployed running their software. A PDF published on November 16 claims the company does not record keystorkes or provide tracking tools. After watching Eckhart's video, however, it's difficult to believe such a statement. What do you think?